Anyway, looks like a lot of people have
expressed interest in how we do xml-rpc over
(under?)
ssl, and a lot of speculation. Of course, the answers
are in the source code ;->

Basically, there is a https class hacked into
the python package based on the M2Crypto openssl
bindings (in the openssl-python package).
Then some mods to python-xmlprc to allow
the use of https and to do CA checking.
This is what the client apps use to do ssl